I don't know what's wrong, but I have some ideas for gathering more information. From what you've posted, it appears that:
1. kinit can send an AS requests to the realm's KDC (because kinit works) 2. kinit can receive an AS reply from the realm's KDC (because kinit works) 3. ssh can send a TGS request to the realm's KDC (because the request appears in the log) 4. ssh cannot receive a TGS reply from the realm's KDC (because of the error message in the ssh -v output). Some things which might help determine what's wrong: * Set the KRB5_TRACE environment variable to a filename before running kinit and then ssh. Comparing the resulting trace output may determine if ssh is somehow behaving differently from kinit. * Run "kvno host/remote-hostname" to see if you can successfully make TGS requests from a program other than ssh. On 05/27/2013 04:02 PM, kannan rbk wrote: > Dear team, > I am using Kerberos 5. I configured single sign on in ssh. I had a ticket > but I cannot login without password. > I changed "GSSAPIAuthentication yes" in sshd_config and > "GSSAPIAuthentication yes,GSSDelegateCredentials yes" in ssh_config. > Error Trace From "ssh -v" > Cannot connect any kdc server > > It's repeated 3 times. In Kerberos server log, it requests TGS request 4 > times. I am trying to ssh centos machine from Ubuntu. Kinit is working > fine. I am able to login without password from centos to Ubuntu. > > Please help me. > > Regards, > Bharathi Kannan R > > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
